Tag: Vulnerabilities and exploits
-
A patched Windows attack surface is still exploitable
In this report, we highlight the key points about a class of recently-patched elevation-of-privilege vulnerabilities affecting Microsoft …
-
CVE-2022-30190 (Follina) vulnerability in MSDT: description and counteraction
At the end of May, researchers reported a new zero-day vulnerability in MSDT that can be exploited using Microsoft Office documents. The …
-
Spring4Shell (CVE-2022-22965): details and mitigations
Technical details and mitigations for CVE-2022-22965 vulnerability (Spring4Shell) that can help an attacker to execute arbitrary code on a …
-
CVE-2022-0847 aka Dirty Pipe vulnerability in Linux kernel
Exploit for CVE-2022-0847 (Dirty Pipe) vulnerability in Linux kernel is available online. Kaspersky solutions detect and prevent …
-
CVE-2021-44228 vulnerability in Apache Log4j library
The summary of the critical vulnerability CVE-2021-44228 in the Apache Log4j library, technical details and …
-
Zero-day vulnerability in Desktop Window Manager (CVE-2021-28310) used in the wild
CVE-2021-28310 is an out-of-bounds (OOB) write vulnerability in dwmcore.dll, which is part of Desktop Window Manager (dwm.exe). We believe …
-
Threat landscape for industrial automation systems. H1 2020 highlights
Beginning in H2 2019 we have observed a tendency for decreases in the percentages of attacked computers, both in the ICS and in the …
-
Kaspersky raises the red FUD flag over Linux
Russian security firm Kaspersky has published a blog post about the alleged threat to Linux from targeted attacks and so-called advanced …
-
Windows 0-day exploit CVE-2019-1458 used in Operation WizardOpium
During our investigation, we discovered that yet another 0-day exploit (CVE-2019-1458) was used in Operation WizardOpium …
-
The King is dead. Long live the King!
In late April 2018, a new zero-day vulnerability for Internet Explorer (IE) was found using our sandbox; more than two years since the last …
●●●